I. Introduction
ipvsadm is a tool for adding rules to the ipvs module. Like iptables, it does not itself provide any ipvs functionality.
II. Algorithms
Static
1. round-robin (rr): sends requests to each RS in turn
2. weighted-round-robin (wrr): weighted round-robin distribution
3. destination-hash (dh): builds a hash table on the destination IP address in the request and distributes requests based on the table and the backend RS status.
4. source-hash (sh): builds a hash table on the source IP address in the request, so that subsequent requests from the same source are allocated to the same RS (persistent connections).
Dynamic
1. least-connection (lc): active * 256 + inactive
2. weighted-least-connection (wlc): (active * 256 + inactive) / weight
3. shortest-expected-delay (sed): (active + 1) * 256 / weight
4. never-queue (nq): an upgraded version of sed without queuing. If there is an idle RS, the request is allocated to it directly.
5. Locality-Based Least Connections (lblc): dh + lc; used for cache servers to maintain the mapping between one host and one server.
6. Locality-Based Least Connections with Replication (lblcr): an optimized lblc that maintains the mapping between a host and a group of servers.
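The lc, wlc, sed and nq formulas above, worked through in Python as an added example (not code from the original page or from IPVS itself). The server names and connection counts are constructed sample data, and skipping servers with weight 0 reflects the IPVS convention that weight 0 means a quiesced server.

```python
# Added illustration: choose a real server (RS) with the formulas listed above.
# All names and counters below are constructed sample data.
from dataclasses import dataclass


@dataclass
class RealServer:
    name: str
    weight: int
    active: int    # active connections
    inactive: int  # inactive connections


def lc(rs):
    return rs.active * 256 + rs.inactive


def wlc(rs):
    return (rs.active * 256 + rs.inactive) / rs.weight


def sed(rs):
    return (rs.active + 1) * 256 / rs.weight


def pick(servers, scheduler):
    """Return the RS the given scheduler would choose, or None if none is eligible."""
    # Weight 0 marks a quiesced server: it must not receive new connections
    # (and would divide by zero in wlc/sed).
    candidates = [rs for rs in servers if rs.weight > 0]
    if not candidates:
        return None
    if scheduler == "nq":
        # nq: an idle RS gets the request directly; otherwise fall back to sed.
        for rs in candidates:
            if rs.active == 0:
                return rs
    score = {"lc": lc, "wlc": wlc, "sed": sed, "nq": sed}[scheduler]
    return min(candidates, key=score)  # lowest value wins


SERVERS = [
    RealServer("rs1", weight=1, active=1, inactive=0),
    RealServer("rs2", weight=4, active=2, inactive=0),
    RealServer("rs3", weight=1, active=0, inactive=200),
    RealServer("rs4", weight=0, active=0, inactive=0),  # quiesced
]

if __name__ == "__main__":
    for name in ("lc", "wlc", "sed", "nq"):
        print(name, "->", pick(SERVERS, name).name)
```

With this sample state, sed sends the request to the heavily weighted rs2 even though rs3 has no active connections, which is the case nq is designed to avoid.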
III. Use ipvsadm
1. Related Parameters
ipvsadm -A|E -t|u|f service-address [-s scheduler] [-p [timeout]] [-o] [-M netmask]
-A: add the lvs service
-E: edit
-t: tcp
-u: udp
-f: firewall mark
service-address: VIP:PORT
-s: scheduler (scheduling algorithm)
-p: persistent connection
-o: only applicable to the udp protocol, fixed by switching the client port
-M: netmask, the granularity at which persistent connections are maintained for clients
ipvsadm -D -t|u|f service-address
-D: delete
ipvsadm -a|e -t|u|f service-address -r server-address [-g|i|m] [-w weight] [-x upper] [-y lower]
-a: add
-e: edit
-r: realserver-ip
-g: DR model
-i: TUN model
-m: NAT model
-w: weight
-x: maximum number of connections allowed by RS
-y: minimum number of connections allowed by RS
ipvsadm -d -t|u|f service-address -r server-address
-d: delete
# service ipvsadm save    (save rules to the default file /etc/sysconfig/ipvsadm)
# ipvsadm -S > /path/to/file
# ipvsadm -R < /path/to/file
# ipvsadm -C    (clear rules)
# ipvsadm -Z    (reset counters to zero)
# ipvsadm -L|-l    (view; options: --rate, --stats, --timeout)
# echo 1 > /proc/sys/net/ipv4/ip_forward    (enable forwarding)
2. Create a NAT
# ipvsadm -A -t 172.16.0.10:80 -s rr
# ipvsadm -a -t 172.16.0.10:80 -r 192.168.0.1 -m
# ipvsadm -a -t 172.16.0.10:80 -r 192.168.0.2 -m
3. Create a DR
# ipvsadm -A -t 172.16.100.10:80 -s lc
# ipvsadm -a -t 172.16.100.10:80 -r 192.168.0.1 -g -w 2
# ipvsadm -a -t 172.16.100.10:80 -r 192.168.0.2 -g -w 3
Set the kernel parameters on each RS
# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore    (ignore ARP)
# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce    (do not announce ARP)
# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
Bind a VIP to lo
# ifconfig lo:0 172.16.100.10 broadcast 172.16.100.10 netmask 255.255.255.255 up
Add a route
# route add -host 172.16.100.10 dev lo:0
4. Establish a firewall-based persistent connection
Port affinity
Persistent port connection
Persistent client connection
Mark all connections to ports 80 and 443 with the same firewall mark
# iptables -t mangle -A PREROUTING -p tcp -d $VIP --dport 80 -j MARK --set-mark 9
# iptables -t mangle -A PREROUTING -p tcp -d $VIP --dport 443 -j MARK --set-mark 9
Create fwm-based ipvs rules and add two RS
# ipvsadm -A -f 9 -s rr -p
# ipvsadm -a -f 9 -r 172.16.0.1 -g
# ipvsadm -a -f 9 -r 172.16.0.2 -g